mir clients that use cpu renderable surfaces don't work under confinement

Bug #1638796 reported by Alberto Aguirre on 2016-11-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Medium
Unassigned

Bug Description

Steps to reproduce:

snap install --edge mir-libs
snap install --edge mir-kiosk
snap install --edge mir-client-demos

And this is needed due to LP:1638334
snap disconnect mir-client-demos:mir
snap connect mir-client-demos:mir mir-kiosk:mir

mir-client-demos.fingerpaint <-- hangs

Syslog contains APPARMOR denials:

"Nov 3 05:26:07 localhost kernel: [39528.255572] audit: type=1400 audit(1478150767.332:168): apparmor="DENIED" operation="capable" profile="snap.mir-kiosk.mir-kiosk" pid=9246 comm="Mir/IPC" capability=21 capname="sys_admin"
Nov 3 05:26:07 localhost kernel: [39528.264492] audit: type=1400 audit(1478150767.344:169): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#4" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264764] audit: type=1400 audit(1478150767.344:170): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#5" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264852] audit: type=1400 audit(1478150767.344:171): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#6" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Nov 3 05:26:07 localhost kernel: [39528.264936] audit: type=1400 audit(1478150767.344:172): apparmor="DENIED" operation="file_receive" profile="snap.mir-client-demos.fingerpaint" name="/dev/shm/#7" pid=9392 comm=52504320546872656164 requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0"

Alberto Aguirre (albaguirre) wrote :
summary: - mir clients that use cpu renderable surface don't work under confinement
+ mir clients that use cpu renderable surfaces don't work under
+ confinement
Zygmunt Krynicki (zyga) wrote :

The referenced pull request was closed without merging. I'm marking this as confirmed and leaving open.

affects: snappy → snapd
Changed in snapd:
status: New → Confirmed
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers